Permissions & autonomy
You came into this chapter with an MCP server wired up — Copilot can now reach your internal service registry and see, for itself, which twelve services depend on shared-lib. That visibility raises the stakes rather than lowering them: you now know exactly how far a wrong move ripples. So this is the moment everything in Act 1 has been building toward. The shared-library change is ready, and you’re about to actually ship it — to a library a dozen services import.
That’s the highest-blast-radius work in the whole course, and it’s no accident it lands here. Back in the modes chapter you learned to match autonomy to blast radius, not difficulty — to give the agent a long leash where mistakes are cheap and a short one where they’re expensive. Modes were where you first made that call. Permissions are where it becomes a setting. The mode decides how Copilot works; permissions decide how much it’s allowed to run without asking you first. On shared-lib, the answer is: not much. Every consequential command crosses your desk before it executes.
This chapter is the dial itself:
- The three approval levels — Default, Bypass Approvals, and Autopilot, and what each one actually auto-runs.
- The checkpoint — reviewing risky commands — the one place autonomy pauses for a human by default, and why on shared-lib you keep it.
- Match autonomy to blast radius — the payoff: tight on shared-lib, loose on orders-service, same engineer, opposite settings. This closes Act 1.
Start with the levels — the three settings you’re choosing between.